[vpnc-devel] vpnc-nortel for MAC OS (almost!)

Antonio Borneo borneo.antonio at gmail.com
Mon Sep 21 19:19:52 CEST 2009 

Hi Nat,

the 2 warnings are from some printf(), we could skip them for the moment.

Please run in another shell the command
# setkey -x
or
# setkey -x -H
that will dump the whole PF_KEY communication with kernel, and run vpnc again.
Please send me the result of setkey. Since the communication stops
quite early, I do not expect any secret info could be in the dump.

Best Regards
Antonio Borneo

On Mon, Sep 21, 2009 at 11:04 PM, Nat Budin <natbudin at gmail.com> wrote:
> Hi Antonio!
>
> I'm not sure it is true that my kernel doesn't support PF_KEY.  From
> Apple's developer site, specifically:
> http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man4/ipsec.4.html,
> it appears it should be supported.  I checked on my system and the
> same manpage is present there.  I've been playing around with gdb to
> find out which packet is causing the error, and it appears that the
> request is originating from kernel_ipsec_get_spi.
>
> I just tried it using revision 414, and the patch does apply cleanly
> there.  The only compile-time warnings I receive are:
>
> config.c: In function ‘do_config’:
> config.c:840: warning: field precision should have type ‘int’, but
> argument 2 has type ‘long unsigned int’
>
> isakmp-pkt.c: In function ‘parse_isakmp_packet’:
> isakmp-pkt.c:931: warning: format ‘%d’ expects type ‘int’, but
> argument 2 has type ‘size_t’
>
> which I believe are also present in the latest version from trunk.
> However, I still get the same illegal argument error when I try to
> connect using it.
>
> Cheers,
> Nat
>
> On Mon, Sep 21, 2009 at 10:55 AM, Antonio Borneo
> <borneo.antonio at gmail.com> wrote:
>> Ciao Nat,
>> surprised you get that error. Looks like your kernel do not support PF_KEY ...
>> But I never tryed on Mac; don't have it... maybe some silly mistake by my side.
>>
>> Please try to use the same version on which I developed the patch.
>> Download it with
>> # svn co -r 414 http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel
>> then apply patch and compile.
>> Do you get any error or warning at compile time?
>>
>> Best Regards,
>> Antonio Borneo
>>
>> On Mon, Sep 21, 2009 at 8:45 PM, Nat Budin <natbudin at gmail.com> wrote:
>>> Hi,
>>>
>>> I downloaded and tested Antonio Borneo's patch from August 22, 2009
>>> under Mac OS X 10.6.  The patch didn't quite apply cleanly against the
>>> latest SVN sources of vpnc-norlel, but it was not very hard to make
>>> the appropriate changes.
>>>
>>> It seems there must be some small incompatibility, though, because
>>> right after I type my password, I get the following message:
>>>
>>> error writing PF_KEY socket: Invalid argument
>>>
>>> Here is my debug output using --debug 2:
>>> ...
>>
>

More information about the vpnc-devel mailing list